Digitalocean Jitsi

Social distancing has shaped an increase in usage of remote working tools.One such tool is Jitsi video conferencing. In this article Iwant to describe how easy it is to spin up a free video conferencing server.The tools used are Jitsi, the open source and free video conferencing software,Terraform and Ansible.As cloud provider I leverage Digital Ocean because of its competitive pricing.

Digitalocean jitsi meet

Jitsi Meet has both a hosted (free) and self-hosted option. It is completely open source, and freely available for you and your friends / family / teams to. DigitalOcean Marketplace jitsi-server 2.1 considered vulnerable #7 opened May 5, 2020 by sunny75016. Recording installed as part of the image #6 opened May 5, 2020 by danielhjames. #5 opened May 4, 2020.

Note that while the software is free, depending on which server you provision,different costs may apply.

Jitsi

Jitsi (https://jitsi.org/) is an open source video conferencing solutionthat is encrypted and leverages the latest Web standards. Thus, you onlyneed a browser to talk to other people.It was founded in 2013 by Emil Ivov. The name Jitsi comes from theBulgarian word жици which means “wires”. Since 2013 the developercommunity around Jitsi has continued to increase.

Server Creation

In order to quickly create a server on Digital Ocean I use the tool Terraform (https://www.terraform.io/).It can reproducibly create server instances on most cloud platforms just by writingconfiguration files.

This is what an example instance of Jitsi would look like. It is recommended tohave at a minimum a server with 3GB, better 4GB of RAM.

You need to adapt the path to you public key file and the regionwhere the server resides in.

Digitalocean install jitsi

Then run the commands:

You will be asked your Digital Ocean token that you can retrieve from theconsole of Digital Ocean.

DNS Configuration

Digital Ocean Jitsi

Once your server is created you can find the IP address in the terraform.tfstatefile under ip4_address.

You now apply this address to your DNS configuration. In CloudFlare for example,your create a DNS A record with the IP address as content and “DNS Only”.

After you have applied the DNS changes, you need to wait until they are updated in the DNSservers. This can take a while and you can check with dig or nslookup if this is the case.

Software Installation

For an automated installation of Jitsi on the Ubuntu Linux server we use the free Ansible (https://www.ansible.com/)tool. You can install it on Mac with a simple brew install ansible. For otheroperating systems check the installation guide on ansible.com.

In order for the Ansible script to work you need to adapt three variables. One is found inthe hosts file. There you need to change the ansible_host to your IP server address.Then there are two variables in the install_jitsi.yml script. One is the domain name (domain_name)which is the domain you have configured, for example with Cloudflare or your DNS system.The other variable is the email address (email_address) you need for the Let’s Encrypt software thatwill generate a valid TLS certificate.

hosts

install_jitsi.yml

In order to run the installation of Jitsi on your target host you need to runthe following command:

Testing

Jitsi Digitalocean Subdomain

If everything went fine with the installation you can check it andenter the domain name you configured in the browser.

The video conferencing interface of Jitsi should now appear and youcan start creating a room and go chatting.

Conclusion

While there is now a Digital Ocean Marketplace image ofJitsi (https://marketplace.digitalocean.com/apps/jitsi-server),I think the solution in this article can be flexibly applied toother environments as well, like an in-house server or serversat other cloud providers.

References

GitHub source code: https://github.com/tderflinger/jitsi-deployment

Jitsi: https://jitsi.org/

Terraform: https://www.terraform.io/

Ansible: https://www.ansible.com/

Digital Ocean: https://www.digitalocean.com/

Digitalocean Jitsi

Wikipedia Jitsi: https://en.wikipedia.org/wiki/Jitsi

In chapter 8.1, I talked about a great alternative to Zoom and other 'work from home' video apps. Today, I want to dig deeper into the fine tuning of an own server setup and other apps to use.

There are many free use Jitsi servers all over the internet. Riot and Mattermost have the option, via widgets, for one click activation. Unfortunately with Riot you are forced to use their Jitsi setup and therefore not allow you to use your own. Of course, that's an easy fix by just sharing your own or favorite server in the group chat.

One step at a time..

Let's assume you want to host your own Jitsi server, perhaps on Hetzner or DigitalOcean or any other cloud server you trust, follow this for the offical setup on Jitsi:

or the one click marketplace droplet on DigitalOcean:

Next things next

You do not need an account on Jitsi, all you need is a browser or an app! And here is the first big issue!

The iOS and the official Google Play Store app of Jitsi hosts some trackers:

Digitalocean Install Jitsi

  • Google CrashLytics
  • Google Firebase Analytics
  • Amplitude

Use the f-droid version on Android or just the browser of your choice on any desktop. The f-droid version is stripped all analytics and is safe to use, and the browser option is as clean as your server instance is ;)

Profile

If you chose a profile that shows your name and lets you configure your own server, we have another small problem, but with an easy fix. The app will then try to connect to gravatar.com!

Since we are not keen on connecting to 3rd parties, use the terminal of your server thus:

Acronis drive cloning

nano /etc/jitsi/meet/<domain>-config.js

disableThirdPartyRequests: true,

Now there is no connection anymore to gravatar, except with the STUN-Server, easily fixed, open the terminal:

/etc/jitsi/meet/<domain>-config.js

this is what you will find in the config.js:

stunServers: [

Digitalocean Jitsi Meet

replace it with one that you trust!

If you have your own sever you might want to do some fine tuning on the config.js:

nano /etc/jitsi/meet/<domain>-config.js

standard language:

defaultLanguage: 'en',

change resolution from 720 to 480:

Perhaps for additional privacy you can force the Jitsi feed to start with voice only (and then the user can activate it once they are on).

startAudioOnly: true,

Jitsi is working on E2EE in video conferences for 2 or more people. Remember at this very moment Jitsi is maybe still your best bet when it comes to all the conferences options out there, but its still only encrypted on one 2 one video chat.

Digitalocean install jitsi

Taking everything into consideration, Jitsi is safer than Zoom, Facebook or Google.

Plus you can self host it!

Enjoy your video conferences during this transition to the strange 'new normal' world.

Switch to Jitsi and stay safe! WFH with a more private twist!